Regulatory Compliance, Governance and Security

Aug 23 2009   4:39PM GMT

GLBA, HIPAA, SAS 70, PCI DSS | what is next for Compliance?



Posted by: Charles Denyer
Tags:
charles denyer
GLBA
HIPAA
payment card industry data security standards
PCI DSS
SAS 70
sas70
The Minnesota Plastic Card Security Act

The trend of late has been Payment Card Industry (PCI) Data Security Standards (DSS) compliance, along with a continued emphasis on the well known SAS 70 auditing standard. And occasionally, calls for GLBA and HIPAA compliance come calling also. As an auditor for many years, I’m often asked to look into the crystal ball of compliance and give my prescient thoughts and answers.

First and foremost, the requirements for SAS 70 Type II audit and PCI DSS assessment compliance will continue to grow larger; larger in scope regarding the actual requirements and larger in the number of companies having to comply. Data breaches are occurring at a feverish pace, causing great unrest for all participants involved. And add to the notion of the continued importance of corporate governance, regulatory compliance and security, and it becomes quite evident that SAS 70 and PCI will play a critical role for many years.

Additionally, more and more states will start to adopt various provisions of the PCI DSS requirements, turning them into an actual codification of laws for their respective states. Minnesota became that first state with the MN Plastic Card Security Act, followed by Nevada and a host of other states who are seriously looking to an adoption of PCI into law.

As for GLBA and HIPAA, they will more than likely continue to “limp” along as they simply lack the regulatory “teeth” that SAS 70 and PCI have. This may change if the SEC and The Department of Health and Human Services give HIPAA and GLBA more explicit requirements on compliance, but this is highly doubtful.

If you want to learn more about compliance, visit the SAS 70 Resource Guide and the PCI DSS Resource Guide.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: